Cyber Lab Advisories

Our Cyber services are all focused on understanding and improving the security of a design, product or system. As part of this work we may come across a previously unknown security vulnerability (a zero-day vulnerability) in our clients’ products or those of a third party.

Vulnerability Disclosure

This policy defines our process for what we do in such an event, whether the vulnerability was discovered as part of a client engagement or during our own research.

The disclosure of vulnerabilities to the vendor follows our coordinated disclosure process, which is detailed here. Advisories related to issues we have discovered are also detailed below.

Whilst 90 days is now the industry standard for a fixed disclosure period, we understand that this isn’t always an achievable amount of time to develop and distribute a patch, and we are happy to work with vendors to appropriately manage the disclosure.

Goals of this process:

  • Ensure 6point6 clients and partners are provided with timely and effective protection against any vulnerabilities in their systems.
  • Enable vendors, suppliers and partners to deliver appropriate fixes in a timely manner.
  • Inform end-users of vulnerable products of appropriate security fixes and/or workarounds, or allow them to make an informed choice about using a product.
  • Utilise appropriate channels to distribute vulnerability information to the InfoSec and IT community.
  • Deliver accurate vulnerability information to enable the wider InfoSec community to accurately assess their risk and exposure.
